10917388

Software Defined Network Routing For Secured Communications and Information Security

Published: February 9, 2021
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A routing device comprising a processor, configured to: configure data traffic routing for a network device within a private network using private links, wherein configuring data traffic routing for the network device within the private network blocks the network device from communicating with other network devices in a public network; receive an access request requesting access to data content at a destination address in the public network from the network device, wherein the access request comprises the destination address for the data content in the public network; send the access request to a proxy server in the private network; receive an access request response from the proxy server in response to a determination that the content associated with the access request satisfies a set of access rules, wherein the access request response indicates an approval for accessing the data content at the destination address; configure data traffic routing between the network device and the destination address using public links after receiving the access request response indicating the approval for accessing the data content at the destination address, wherein configuring data traffic routing between the network device and the destination address bypasses the proxy server; and communicate data traffic between the network device and the destination address using public links.

Plain English Translation

A routing device manages data traffic routing for a network device within a private network, initially blocking communication with devices in a public network. The device receives an access request from the network device for data content at a destination address in the public network. The request includes the destination address and is forwarded to a proxy server within the private network. The proxy server evaluates the request against a set of access rules. If the content meets these rules, the proxy server sends an approval response. Upon receiving this approval, the routing device reconfigures data traffic routing to allow direct communication between the network device and the destination address in the public network, bypassing the proxy server. This enables the network device to access the requested data content through public links while maintaining controlled access to external resources. The system ensures secure and rule-based access to public network content from a private network environment.
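
The claim 1 flow (block by default, ask the proxy, then route directly once approved), modeled as an added Python example. It is not code from the patent or from this site; the class names, the allow-list rule standing in for the "set of access rules", and the documentation-range addresses are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class ProxyServer:
    """Stand-in for the proxy in the private network (hypothetical rule set)."""
    allowed_destinations: set

    def evaluate(self, device: str, destination: str) -> bool:
        # Assumed access rule: destination must be on an allow-list.
        return destination in self.allowed_destinations


@dataclass
class RoutingDevice:
    """Model of the routing device: default-deny toward the public network."""
    proxy: ProxyServer
    public_flows: set = field(default_factory=set)  # approved (device, destination)
    audit_log: list = field(default_factory=list)   # every decision, for review

    def forward(self, device: str, destination: str) -> str:
        # Data-plane decision: only an installed flow may use public links.
        if (device, destination) in self.public_flows:
            return "public-link"
        return "blocked"

    def handle_access_request(self, device: str, destination: str) -> bool:
        # Control-plane path: forward the request to the proxy, act on its answer.
        approved = self.proxy.evaluate(device, destination)
        self.audit_log.append((device, destination, approved))
        if approved:
            # The flow is scoped to this exact pair. After this point traffic
            # bypasses the proxy, so the approval is the only inspection point.
            self.public_flows.add((device, destination))
        return approved


def run_demo() -> dict:
    """Constructed scenario: one approved and one denied destination."""
    proxy = ProxyServer(allowed_destinations={"203.0.113.10"})
    router = RoutingDevice(proxy=proxy)
    host = "10.0.0.5"
    results = {"before": router.forward(host, "203.0.113.10")}
    results["approved"] = router.handle_access_request(host, "203.0.113.10")
    results["after"] = router.forward(host, "203.0.113.10")
    results["denied"] = router.handle_access_request(host, "198.51.100.7")
    results["other_dest"] = router.forward(host, "198.51.100.7")
    results["other_host"] = router.forward("10.0.0.6", "203.0.113.10")
    results["log_entries"] = len(router.audit_log)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because approved traffic no longer passes through the proxy, the model keeps each approval tied to one device and one destination and records every decision for later review.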

Claim 2

Original Legal Text

2. The device of claim 1, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: determining the content has been cached; accessing the cached content; and determining the cached content passes a threat detection analysis.

Plain English Translation

This invention relates to a security device for controlling access to digital content based on predefined access rules. The device addresses the problem of efficiently verifying whether requested content complies with security policies while minimizing redundant processing. The system determines whether content associated with an access request meets a set of access rules by first checking if the content has been previously cached. If cached, the device retrieves the stored content and performs a threat detection analysis to ensure it remains compliant with security standards. This approach reduces computational overhead by avoiding repeated threat assessments on already-vetted content. The device may also include a network interface for receiving access requests and a processor to execute the access control logic. The threat detection analysis may involve scanning for malware, checking file integrity, or verifying digital signatures. The system ensures secure content delivery while optimizing performance by leveraging cached data when possible. This method is particularly useful in environments where content is frequently accessed and must undergo rigorous security checks.

Claim 3

Original Legal Text

3. The device of claim 1, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: determining the content is not cached; accessing the content from the destination address; and determining the content passes a threat detection analysis.

Claim 4

Original Legal Text

4. The device of claim 1, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: identifying a user associated with the access request; determining permission settings for the user; and determining the user is allowed to access content associated with the access request based on the permission settings.

Claim 5

Original Legal Text

5. The device of claim 1, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: identifying a user associated with the access request; determining a location for the user; and determining the user is allowed to access content associated with the access request based on the location for the user.

Claim 6

Original Legal Text

6. The device of claim 1, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: identifying a user associated with the access request; and authenticating the user associated with the access request.

Claim 7

Original Legal Text

7. The device of claim 1, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: determining whether the content is cached; and accessing the content from the destination address in response to determining the content is not cached.

Claim 8

Original Legal Text

8. The device of claim 1, wherein private links allow signal communications between the network device and other devices in the private network.

Plain English Translation

A network device is configured to establish and manage private communication links within a private network. The device includes a processor and a memory storing instructions that, when executed, enable the device to create and maintain private links for secure signal communications between itself and other devices within the private network. These private links ensure that data exchanged between the network device and other devices in the private network is isolated from external networks, enhancing security and privacy. The device may also include a network interface for transmitting and receiving signals over the private links, as well as a storage module for storing data related to the private network connections. The private links are established using encryption or other security protocols to prevent unauthorized access. The device may further include a management module to monitor and control the private links, ensuring reliable and secure communication within the private network. This configuration allows for secure, isolated communication channels within a private network, addressing the need for enhanced privacy and security in networked environments.

Claim 9

Original Legal Text

9. The device of claim 1, wherein public links allow signal communications between the network device and a device associated with the destination address in the public network.

Plain English Translation

A system enables secure communication between a network device and a destination device in a public network. The system includes a network device configured to receive a request for communication with a destination address in the public network. The network device generates a public link that facilitates signal communications between the network device and the destination device. The public link is accessible to the destination device, allowing it to establish a connection with the network device. The system ensures that the communication is initiated and controlled by the network device, enhancing security by preventing unauthorized access. The public link may include authentication mechanisms to verify the identity of the destination device before establishing the connection. The network device can also monitor and manage the communication session, ensuring compliance with security policies. This approach allows for secure, controlled communication between devices in different networks without requiring complex firewall configurations or VPN setups. The system is particularly useful in environments where direct communication between devices is restricted due to security policies or network architecture limitations.

Claim 10

Original Legal Text

10. The device of claim 1, wherein the routing device is further configured to send the access request response to the network device in response to receiving the access request response from the proxy server.

Claim 11

Original Legal Text

11. A network routing method, comprising: configuring data traffic routing for a network device within a private network using private links, wherein configuring data traffic routing for the network device within the private network blocks the network device from communicating with other network devices in a public network; receiving an access request requesting access to data content at a destination address in the public network from the network device, wherein the access request comprises the destination address for the data content in the public network; sending the access request to a proxy server in the private network; receiving an access request response in response to a determination that the content associated with the access request satisfies a set of access rules; configuring data traffic routing between the network device and the destination address using public links after receiving the access request response indicating the approval for accessing the data content at the destination address, wherein configuring data traffic routing between the network device and the destination address bypasses the proxy server; and communicating data traffic between the network device and the destination address using public links.

Claim 12

Original Legal Text

12. The method of claim 11, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: determining the content has been cached; accessing the cached content; and determining the cached content passes a threat detection analysis.

Claim 13

Original Legal Text

13. The method of claim 11, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: determining the content is not cached; accessing the content from the destination address; and determining the content passes a threat detection analysis.

Claim 14

Original Legal Text

14. The method of claim 11, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: identifying a user associated with the access request; determining permission settings for the user; and determining the user is allowed to access content associated with the access request based on the permission settings.

Claim 15

Original Legal Text

15. The method of claim 11, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: identifying a user associated with the access request; determining a location for the user; and determining the user is allowed to access content associated with the access request based on the location for the user.

Claim 16

Original Legal Text

16. The method of claim 11, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: identifying a user associated with the access request; and authenticating the user associated with the access request.

Plain English Translation

This invention relates to access control systems for digital content, addressing the challenge of securely verifying user identity before granting access to restricted resources. The method involves evaluating whether a user's access request complies with predefined rules by first identifying the user making the request. This identification process may include analyzing user credentials, device information, or behavioral patterns. Once the user is identified, the system authenticates them through methods such as password verification, biometric checks, or multi-factor authentication. The authentication step ensures that the user is who they claim to be before proceeding with access validation. This approach enhances security by preventing unauthorized access while maintaining efficient user verification. The method can be integrated into various systems, including cloud storage, enterprise networks, or application platforms, to enforce access policies dynamically. By combining user identification and authentication, the system provides a robust framework for managing permissions and protecting sensitive data.

Claim 17

Original Legal Text

17. The method of claim 11, wherein determining whether the content associated with the access request satisfies the set of access rules comprises: determining whether the content is cached; and accessing the content from the destination address in response to determining the content is not cached.

Claim 18

Original Legal Text

18. The method of claim 11, wherein configuring data traffic routing for the network device within the private network enables signal communication between the network device and other devices in the private network.

Claim 19

Original Legal Text

19. The method of claim 11, wherein configuring data traffic routing between the network device and the destination address using public links enables signal communications between the network device and a device associated with the destination address in the public network.

Plain English Translation

This invention relates to network communication systems, specifically methods for routing data traffic between a network device and a destination address in a public network. The problem addressed is ensuring reliable signal communication between devices in a public network, particularly when using public links for data traffic routing. The method involves configuring data traffic routing between a network device and a destination address using public links. This configuration enables signal communications between the network device and a device associated with the destination address in the public network. The routing process may include determining a path through the public network, establishing connections, and managing data transmission to ensure proper signal communication. Additionally, the method may involve monitoring the status of the public links to maintain communication quality. If a link fails or degrades, the system can reroute traffic through alternative paths to sustain connectivity. The method may also include security measures to protect data transmitted over public links, such as encryption or authentication protocols. By using public links for routing, the system ensures that devices in the public network can communicate effectively, even if direct private connections are unavailable. This approach improves network flexibility and reliability, allowing seamless data exchange between devices in different network environments. The method is particularly useful in scenarios where private network infrastructure is limited or unavailable, ensuring continuous communication in diverse network conditions.

Claim 20

Original Legal Text

20. The method of claim 11, further comprising sending the access request response to the network device in response to receiving the access request response from the proxy server.

Patent Metadata

Filing Date

Unknown

Publication Date

February 9, 2021

Inventors

Jisoo Lee
Yair Frankel

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Software Defined Network Routing For Secured Communications and Information Security” (10917388). https://patentable.app/patents/10917388
